Talos

May 23, 2019

THREAT RESEARCH

One year later: The VPNFilter catastrophe that wasn’t

One year ago, Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware...

April 23, 2019

THREAT RESEARCH

DNSpionage brings out the Karkoff

In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers'...

April 17, 2019

THREAT RESEARCH

DNS Hijacking Abuses Trust In Core Internet Service

This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and...

April 9, 2019

THREAT RESEARCH

Gustuff banking botnet targets Australia

Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message...

April 5, 2019

SECURITY

Social media and black markets

Cybercrime happens in hidden corners of the Internet, but also in social networks: Cisco Talos uncovered 74 criminal groups on Facebook. Fortunately, Cisco has a layered defense against cybercriminals.

March 5, 2019

THREAT RESEARCH

Cisco, Talos tout importance of IoT security at RSA keynote

By 2020, Gartner predicts 20 billion connected devices will be online — and more devices mean more security threats. Connected devices have exploded into the public and corporate landscape, rattling...

February 4, 2019

THREAT RESEARCH

ExileRAT shares C2 with LuckyCat, targets Tibet

Cisco Talos recently observed a malware campaign delivering malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....

January 24, 2019

THREAT RESEARCH

AMP tracks new campaign that delivers Ursnif

This blog post was authored by John Arneson of Cisco Talos Executive Summary Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after...

January 15, 2019

THREAT RESEARCH

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities

Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...